WordPress Plugin · v1.0.9 · Live on WordPress.org
Upgrade Pilot
Know when a plugin changes hands, gets abandoned, or is closed. Freeze its updates. And check your site survives the next WordPress and PHP upgrade.
- WordPress 6.2+
- PHP 7.4+
- GPLv2+
- Multisite
- Read-only
Live on the WordPress.org plugin directory. This page is the plugin’s official home.
WordPress tells you when a plugin has an update. It never tells you who is behind that update.
Plugins get sold. Authors walk away. Maintainers are quietly added to a project. Occasionally a plugin is closed on WordPress.org for a security problem, and the copy on your site keeps running as if nothing happened. In every one of those cases WordPress shows you exactly what it showed you yesterday: nothing. Upgrade Pilot watches the things WordPress does not.
How it works
Two jobs, done properly.
Job one · Update trust
Know who is behind your next update
WordPress tells you a plugin has an update. It never tells you the plugin was sold last week, that someone new just gained commit access, or that it was quietly closed on WordPress.org for a security problem. Upgrade Pilot snapshots the public directory record of every plugin you run, every day, and flags the moment any of that changes.
- Author changes — the single clearest signal to look before you leap.
- New contributors — someone new now has commit access to your site.
- Closed or removed from WordPress.org, with the reason given.
Recent events
| SEO Booster | Author changed orbit-labs → axis-media-llc | Acknowledge | |
| Contact Form Lite | Closed on WordPress.org Reason: security | Acknowledge | |
| Slider Deluxe | Contributor(s) added dev-newcomer | Acknowledge |
Plugin custody & update freeze
| Slider Deluxe 3.4.1 | Author: axis-media · 2 contributors | Freeze |
| SEO Booster 5.0.0 | Auto-updates held while you review | held Unfreeze |
Job two · Upgrade readiness
Know the upgrade will not break the site
Before you move to a new PHP or WordPress version, Upgrade Pilot answers whether it is safe — your server against the requirements WordPress itself reports, every plugin and theme cross-referenced against WordPress.org, and a local scan of your plugins’ PHP code for anything modern PHP removed, down to the file and line.
- Server checks — PHP, database, memory, extensions, HTTPS — read live from WordPress.
- Every plugin & theme cross-referenced against its WordPress.org record.
- A local static scan of your PHP, batched so it never times out.
Nothing blocks your move to PHP 8.3
Target PHP 8.3 · this server runs 8.1. FACT checks are deterministic; ADVISORY results never block the verdict.
Server environment FACT
| PHP version | 8.1.27 — meets minimum, target 8.3 supported | |
| Database | MySQL 8.0 — above requirement | |
| PHP security support | 8.1 gets security fixes until Dec 2025 |
Installed plugins vs WordPress.org FACT
| Gallery Pro | Not tested against WordPress 6.6 | |
| Legacy Cache | Requires PHP 8.3 — above your target |
Static PHP compatibility scan ADVISORY
2 possible errors and 5 warnings found (3 suppressed by you). Advisory findings are hints, not verdicts.
Read-only, always
Upgrade Pilot never updates, deactivates, installs, or rewrites anything. The one thing it can change is a per-plugin auto-update hold, and only when you click the button yourself.
Honest about certainty
Deterministic results are labelled fact. Static-analysis results are labelled advisory and never drive the verdict on their own, because version-guarded and unreachable code legitimately trigger them.
Nothing sent behind your back
The only thing that leaves your site is a public plugin slug, sent to the same WordPress.org API core already uses. Every outbound request was logged and reconciled against the readme — in both directions.
In the free build
More than you would expect to be free.
-
Per-plugin update freeze
Hold one plugin’s automatic updates while you decide. Opt-in, never touches core, manual updates always available.
-
Site Health integration
Readiness surfaced inside WordPress’s own Site Health screen and its status tests.
-
Dashboard summary widget
The current verdict and any unread trust events, at a glance on wp-admin.
-
Email alerts + daily digest
Immediate mail for critical events, a daily digest for warnings. Informational events stay in the UI.
-
Weekly re-scan
A scheduled readiness re-scan runs on its own, on by default — no cron wrangling.
-
WP-CLI
wp upgrade-pilot scan, status and report — for servers you drive from the terminal.
-
Machine-readable export
--format=json on the CLI, ungated and unmetered. Pipe the whole report straight into jq.
-
REST endpoint
GET /wp-json/upgrade-pilot/v1/report for dashboards and fleet tooling, guarded by manage_options.
Free vs Pro
Pro is for when the site belongs to a client.
Every paid tier includes every feature; tiers differ only by how many sites your licence covers. Here is the honest split.
| Capability | Free | Pro |
|---|---|---|
| Update-trust monitoring (author, contributors, closures, abandonment) | ✓ | ✓ |
| Upgrade readiness report + static PHP compatibility scan | ✓ | ✓ |
| Per-plugin manual update freeze | ✓ | ✓ |
| Machine-readable export (WP-CLI --format=json + REST) | ✓ | ✓ |
| Runs full on multisite (network storage, network-wide freeze) | ✓ | ✓ |
| Scheduled re-scan | Weekly | Daily / twice-daily |
| White-label client report (PDF / print, your name & colour) | — | ✓ |
| Readiness summary emailed to your client, on a schedule | — | ✓ |
| Slack & webhook alerts for update-trust events | — | ✓ |
| Automatic update-hold policies (cooling-off on owner change) | — | ✓ |
| Network Overview — every subsite’s status on one screen | — | ✓ |
| Private email channel with the developer | — | ✓ |
Pro is a separate download, not an in-place upgrade — activating it switches the free copy off for you, and your settings, scan history and freeze list carry over untouched.
Questions people ask.
Does this plugin block updates?
No, not by default, and never silently. It ships with nothing frozen. When you do freeze a plugin it holds automatic updates for that one plugin only, using WordPress’s standard per-plugin filter — core is never affected, the update still shows on your Plugins screen, and you can install it manually any time. If a frozen plugin is later closed for a security issue, Upgrade Pilot says so loudly and tells you to unfreeze.
Why should I care who owns a plugin?
Because ownership changes are invisible in your dashboard, and they change who can push code to your site. A plugin can be sold, or hand a new maintainer commit access, and the next automatic update arrives looking exactly like every previous one. Upgrade Pilot puts a name and a date on that moment so you can decide whether to let the update through.
Does the scanner send my code anywhere?
No. The code scan runs entirely on your own server, in small time-sliced batches so it never times out on shared hosting. The only thing that ever leaves your site is the public slug of a plugin or theme, sent to the WordPress.org API — the same API WordPress core already queries for its own update checks.
What does "advisory" mean next to a finding?
It means the finding came from reading your code rather than from a definitive fact, and might be a false positive: code behind a version check, a dead branch, or a bundled polyfill can all trigger one. Advisory findings never turn your verdict red on their own, and you can permanently suppress any you have checked.
Does it work on a multisite network?
Yes, in full, for free. Network-activate it and a super admin manages it from the Network Admin menu. Because a network shares one copy of each plugin’s files, it keeps one set of data for the whole network and a freeze holds everywhere. What Pro adds on a network is the Network Overview screen — not multisite itself.
Running WordPress sites you cannot afford to break?
Upgrade Pilot is the preflight check before every update and every version bump. Free, read-only, and built by someone who reads every support thread.